Cisco, Juniper, or Sonicwall? Let the flames begin!

By jfuller05 ·
Tags: Off Topic

Seriously though, network guys, do you care to give quick pros and cons of each?

I'm a sonicwall guy, but only because that is the firewall I inherited from the previous IT specialist's setup. I've heard good things about Cisco and Juniper firewalls, but only from those vendors. I would like to hear from the techs in the trenches.

by robo_dev In reply to Cisco, Juniper, or Sonicw ...

Cisco gear is very durable and well engineered hardware (the enterprise-grade stuff). I've been working in networking for 15+ years and except for extreme events like floods or lightning strikes, a true hardware failure from a Cisco product is very rare.

Cisco tech support is very good.

There are two downsides to Cisco. First of all, it ain't cheap, so it can be hard to justify to management why their switch/router/firewall costs a lot more. Second, in terms of raw performance and packet throughput, often its competitors (like Juniper) are going to win a performance shoot-out.

I have not worked with Juniper, but have worked with Extreme, CheckPoint, SecureComputing (now McAfee), and 3Com as well as lots of other brands which are no longer around.....

My customers use different firewalls

by NickNielsen In reply to Cisco, Juniper, or Sonicw ...

One uses Juniper and is very happy with them; the same customer uses Cisco routers and ProCurve switches. Another uses Proventia firewalls and is happy with them; that customer is otherwise all Cisco, routers and switches. We don't handle the network systems for some customers, but I've seen Sonicwall and Cisco firewalls out there.

I think it comes down to whatever you're comfortable with, whether that comfort level is what you know or what you can afford.

Both good things to consider before purchasing.

by jfuller05 In reply to Cisco, Juniper, or Sonicw ...

My place of work has used Sonicwall for about 8 years now. The previous tech installed a Sonicwall for the network and it lasted about 6 years. The processor in the unit failed, so we had to buy a new one, a TZ-210, which I'm satisfied with because I became comfortable using a sonicwall device.

So, if hardware is key then it sounds like Cisco is the King of reliable hardware. However, if comfort level is key, then you'll go with what you're comfortable with. All around, it seems like Sonicwall, Cisco, and Juniper are all good products.

Cisco all the way

by JPElectron In reply to Cisco, Juniper, or Sonicw ...

I've always used Cisco and never looked back. You get what you pay for. Sonicwall had a terrible DNS bug a while back (sure, now it's fixed) but it took them way too long to fix such that I had to rip out many and replace them with Ciscos.

The biggest gripe I get from other techs is they want a GUI 'cause they just can't be bothered to learn a command-line. To me, this is a real indication that they shouldn't be a tech, but that aside - Cisco ASAs have all had a GUI for a while now called ASDM, and most of the later Cisco documentation gives you the steps to do something in both ASDM and via telnet - so take your pick!

by paradigm49 In reply to Cisco, Juniper, or Sonicw ...

Personally I've used Sonicwall, Cisco, Juniper and HP, and makes some incredible hardware and I cannot discredit them for that in the least, and they are very very reliable for the most part, but when it comes to your ROI and ease of setup---Sonicwall is still going to **** Cisco out of the water. Licensing fees are what is killing Cisco's business. As it stands right now I'm running twin NSA-3500's for almost 3 years non-stop, with approx 500 site to site VPN connections---haven't had a hiccup. I can't quite say that for the prior setup that was here with only 12 locations and all Cisco (it wasn't out of the ordinary to have to reboot firewalls or switches on a weekly basis)--that may have been the prior network admin's fault, but I'll never know, the hardware is no longer here. I am running a mix of Sonicwall firewalls, Cisco switches and Dell switches, and to be frank...the Sonicwall and Dell switches have been the most stable, and least expensive for what I do here. As many companies deal with these days, I can't justify the costs for a HA setup of Cisco firewalls, especially when I can have higher performance and throughput for a cheaper cost. And let's be honest here, yes a GUI is great and makes things a lot easier but there are just some things (especially VMware) that you can't do GUI based and have to get your hands dirty. If Cisco's cost was lower and the flexibility was there, it would be a serious option that I would take a look at when we expand, but as it stands at this point in time, it's just simply not on the table.

my opinion

by myrdin1 In reply to Cisco, Juniper, or Sonicw ...

Cisco: not justified high costs. Ridiculous warranty scheme and support. Support, even paying a lot of money, calls always diverted in India (calling from Australia) with people that can barely speak English. If they don't know what you are talking about (not enough skills) they start diverting calls, assigning case to other people (every single time I have to deal with the engineer assigned the day after is on leave). To setup you need a Cisco specialist, all terms are different from the rest of the world so it is tricky to find information on internet (ex: Cisco calls vlan tagged ports TRUNKS, while for the rest of the world TRUNKS are aggregated ports). They don't offer better performance at all. Cisco scheme is to have one single device per role so if you need to do multi WAN on an ASA you need to put another Cisco router after the ASA, you can't do that with the ASA itself (ahahah try to do some advanced routing with an ASA, it doesn't even support port aggregation since the very latest version released in 2012).
Sonicwall: it is fine, but not enterprise graded. Having a web interface to configure everything is still ridiculous. Enterprise graded for me means having a separate application where you can configure everything and THEN commit all the changes at the same time to the firewall. Not waiting for the web interface to respond after every single change. It also uses the old stupid paradigm to have NAT and firewall rules separated. This doesn't make sense to save CPU as the modern technology offers super processors that most of the time are used like 5% average. Logging is ridiculously tricky, plus the web interface makes everything more complicated. Try to search information on logs, well good luck! Support is ok, at least they can speak English! They every time ignore the timezone and they call in the heart of the night...
Juniper: not enough information to say anything.

BTW: Check Point and WatchGuard FOREVER!
